The present disclosure relates generally to the field of computer systems, and more particularly, to a system and method for detecting an unauthorized client in a networked computer system.
A convenient way for networked computer systems to communicate with one another is through the use of internet protocol or “IP” addresses. In such systems, each client computer on the network is assigned a unique IP address. In some systems, the IP address assigned to a particular computer system is a “static IP address”, namely an IP address that remains fixed over time. In other systems, IP addresses which are not currently in use by computer systems on the network are reassigned to computer systems currently requesting assignment of an IP address. IP addresses which are reused or recycled are often referred to as “dynamic IP addresses” because they change over time from computer system to computer system.
Dynamic IP addresses are a very convenient way to manage addressing in an enterprise environment that includes large numbers of client systems, all competing for a limited pool of IP addresses. However, the dynamic addressing approach involves some significant network security concerns. Assume, for example, the case of an unauthorized client which, unknown to the user, is infected with a virus. If the unauthorized client connects to the network and requests an IP address, it is possible that the unauthorized client will automatically obtain an IP address from a network server. It is then possible that the virus code on the unauthorized client will attack the server and/or other clients on the network.
Accordingly, what is needed is a system and method for assigning addresses for client systems in a manner which solves the problem described above.